SoheilKhodayari/TheThing external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SoheilKhodayari/TheThing

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SoheilKhodayari/TheThing)

Close

SoheilKhodayari / TheThingView on GitHubMore

• External links
• Readme badge

TheThing: an open-source tool to detect DOM Clobbering vulnerabilities

☆57Oct 25, 2023Updated 2 years ago

Alternatives and similar repositories for TheThing

Users that are interested in TheThing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• SoheilKhodayari / DOMClobbering

  View on GitHub
  DOM Clobbering Wiki, Browser Testing, and Payload Generation
  ☆61Dec 18, 2025Updated 5 months ago
• SoheilKhodayari / JAW

  View on GitHub
  JAW: A Graph-based Security Analysis Framework for Client-side JavaScript
  ☆118Feb 13, 2026Updated 3 months ago
• jackfromeast / TheHulk

  View on GitHub
  TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities.
  ☆94Aug 25, 2025Updated 9 months ago
• SAP / project-foxhound

  View on GitHub
  A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…
  ☆170May 19, 2026Updated last week
• SoheilKhodayari / Basta-COSI

  View on GitHub
  A framework for the detection of COSI vulnerabilities / XS-Leaks
  ☆14Mar 29, 2023Updated 3 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• jackfromeast / dom-clobbering-collection

  View on GitHub
  A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.
  ☆50Aug 31, 2025Updated 8 months ago
• KTH-LangSec / silent-spring

  View on GitHub
  Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
  ☆75Jan 21, 2024Updated 2 years ago
• DukeSec97 / Collection-of-over-9000-xss-payloads.heavy-xss-collection

  View on GitHub
  Collection of over 9000 xss payloads | heavy xss collection
  ☆13Dec 6, 2022Updated 3 years ago
• JorianWoltjer / nodejs-file-write-rce

  View on GitHub
  NodeJS File Write to RCE on a read-only filesystem using a ROP chain in libuv
  ☆38Oct 13, 2024Updated last year
• Slonser / hui

  View on GitHub
  HTML Universal Identifier
  ☆68Dec 15, 2024Updated last year
• testable-eu / sast-testability-patterns

  View on GitHub
  Testability Pattern Catalogs for SAST
  ☆35Feb 18, 2025Updated last year
• francisconeves97 / jxscout-caido

  View on GitHub
  Caido plugin for jxscout
  ☆15May 11, 2026Updated 2 weeks ago
• testable-eu / sast-tp-framework

  View on GitHub
  TP-Framework: Testability Pattern Framework for SAST
  ☆16May 10, 2024Updated 2 years ago
• devanshbatham / getsan

  View on GitHub
  A utility to fetch and display dns names from the SSL/TLS cert data
  ☆16Aug 11, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• oshp / oshp-stats

  View on GitHub
  Stats about HTTP response security headers usage mentioned by the OSHP.
  ☆16Jan 25, 2026Updated 4 months ago
• ZeddYu / TLS-poison

  View on GitHub
  ☆17May 10, 2021Updated 5 years ago
• u1f383 / writeup

  View on GitHub
  ctf writeup and log
  ☆49Nov 30, 2024Updated last year
• surviveRuins / css-scrollbar-attack

  View on GitHub
  PoC for leaking text nodes via CSS injection
  ☆25Jul 27, 2024Updated last year
• EkiXu / marshalexp

  View on GitHub
  ☆23Jan 2, 2023Updated 3 years ago
• engn33r / awesome-redos-security

  View on GitHub
  List of RegEx DoS (ReDoS) CVEs and resources
  ☆30Feb 6, 2023Updated 3 years ago
• itsmenaga / Nuclei-Templates-All

  View on GitHub
  ☆29May 22, 2024Updated 2 years ago
• ElectrovoltSec / HackBench

  View on GitHub
  How effective are LLMs in identifying and exploiting security vulnerabilities?
  ☆70Feb 28, 2025Updated last year
• Hacking-Notes / ClickMe

  View on GitHub
  Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickj…
  ☆14Sep 4, 2025Updated 8 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• caioluders / LostAndFound

  View on GitHub
  ☆30Mar 12, 2026Updated 2 months ago
• KTH-LangSec / server-side-prototype-pollution

  View on GitHub
  A collection of Server-Side Prototype Pollution gadgets and exploits
  ☆230Feb 6, 2025Updated last year
• ssl / shortboost

  View on GitHub
  Unicode characters that will translate a single character to multiple characters in domain names or TLD's
  ☆51Nov 23, 2024Updated last year
• doyensec / Unsafe-Unpacking

  View on GitHub
  Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide
  ☆44Dec 16, 2024Updated last year
• kevin-mizu / domloggerpp

  View on GitHub
  A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
  ☆797Dec 9, 2025Updated 5 months ago
• bjornhels / CVE-2025-30065

  View on GitHub
  PoC
  ☆12Apr 7, 2025Updated last year
• CesarMRodriguez / intro-pentest-android-nerdearla101v2

  View on GitHub
  Material e instructivo para el Workshop de nerdearla 101 v2
  ☆13Jul 27, 2022Updated 3 years ago
• Song-Li / ObjLupAnsys

  View on GitHub
  ObjLupAnsys is a tool to detect prototype pollution vulnerabilities in Node.js packages. This project is written in Python and JavaScript…
  ☆25Nov 30, 2021Updated 4 years ago
• kondukto-io / semgrep-rules

  View on GitHub
  Custom semgrep rules registry
  ☆14Aug 23, 2022Updated 3 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• zb3 / getfrontend

  View on GitHub
  Get and extract the frontend code of a SPA, finding all chunks and recreating the original code from source maps. Should support common w…
  ☆51Jul 23, 2025Updated 10 months ago
• Iansus / DllProxy

  View on GitHub
  ☆17Jun 28, 2023Updated 2 years ago
• exploit-io / nuclei-fuzz-templates

  View on GitHub
  Gathering All Nuclei Fuzzing Templates in a Single Repo.
  ☆11Apr 23, 2024Updated 2 years ago
• harisec / orange-confusion-attacks

  View on GitHub
  Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
  ☆21Aug 25, 2024Updated last year
• rmb122 / ebpf-backdoor-demo

  View on GitHub
  linux ebpf backdoor demo
  ☆12Nov 20, 2024Updated last year
• lauritzh / auth-request-analyser

  View on GitHub
  This Chromium extensions aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attac…
  ☆29Jul 4, 2023Updated 2 years ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,623Jan 27, 2024Updated 2 years ago